nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-08 08:58:00 +00:00
Code Issues Projects Releases Wiki Activity

Support GSS key exchange, for Kerberos 5 only.

Browse Source 
This is a heavily edited (by me) version of a patch originally due to
Nico Williams and Viktor Dukhovni. Their comments:

 * Don't delegate credentials when rekeying unless there's a new TGT
   or the old service ticket is nearly expired.

 * Check for the above conditions more frequently (every two minutes
   by default) and rekey when we would delegate credentials.

 * Do not rekey with very short service ticket lifetimes; some GSSAPI
   libraries may lose the race to use an almost expired ticket. Adjust
   the timing of rekey checks to try to avoid this possibility.

My further comments:

The most interesting thing about this patch to me is that the use of
GSS key exchange causes a switch over to a completely different model
of what host keys are for. This comes from RFC 4462 section 2.1: the
basic idea is that when your session is mostly bidirectionally
authenticated by the GSSAPI exchanges happening in initial kex and
every rekey, host keys become more or less vestigial, and their
remaining purpose is to allow a rekey to happen if the requirements of
the SSH protocol demand it at an awkward moment when the GSS
credentials are not currently available (e.g. timed out and haven't
been renewed yet). As such, there's no need for host keys to be
_permanent_ or to be a reliable identifier of a particular host, and
RFC 4462 allows for the possibility that they might be purely
transient and only for this kind of emergency fallback purpose.

Therefore, once PuTTY has done a GSS key exchange, it disconnects
itself completely from the permanent host key cache functions in
storage.h, and instead switches to a _transient_ host key cache stored
in memory with the lifetime of just that SSH session. That cache is
populated with keys received from the server as a side effect of GSS
kex (via the optional SSH2_MSG_KEXGSS_HOSTKEY message), and used if
later in the session we have to fall back to a non-GSS key exchange.
However, in practice servers we've tested against do not send a host
key in that way, so we also have a fallback method of populating the
transient cache by triggering an immediate non-GSS rekey straight
after userauth (reusing the code path we also use to turn on OpenSSH
delayed encryption without the race condition).
This commit is contained in:
Simon Tatham 2018-04-26 07:18:59 +01:00
parent d50150c40f
commit d515e4f1a3
14 changed files with 1444 additions and 167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
config.c
View File

@ -442,7 +442,7 @@ static void kexlist_handler(union control *ctrl, void *dlg,
/* (kexlist assumed to contain all algorithms) */
dlg_update_start(ctrl, dlg);
dlg_listbox_clear(ctrl, dlg);
for (i = 0; i < KEX_MAX; i++) {
for (i = 0; i < KEX_MAX_CONF; i++) {
int k = conf_get_int_int(conf, CONF_ssh_kexlist, i);
int j;
const char *kstr = NULL;
@ -460,7 +460,7 @@ static void kexlist_handler(union control *ctrl, void *dlg,
int i;
/* Update array to match the list box. */
for (i=0; i < KEX_MAX; i++)
for (i=0; i < KEX_MAX_CONF; i++)
conf_set_int_int(conf, CONF_ssh_kexlist, i,
dlg_listbox_getid(ctrl, dlg, i));
}
@ -2402,7 +2402,7 @@ void setup_config_box(struct controlbox *b, int midsession,
c = ctrl_draglist(s, "Algorithm selection policy:", 's',
HELPCTX(ssh_kexlist),
kexlist_handler, P(NULL));
c->listbox.height = 5;
c->listbox.height = KEX_MAX_CONF;
s = ctrl_getset(b, "Connection/SSH/Kex", "repeat",
"Options controlling key re-exchange");
@ -2412,6 +2412,11 @@ void setup_config_box(struct controlbox *b, int midsession,
conf_editbox_handler,
I(CONF_ssh_rekey_time),
I(-1));
ctrl_editbox(s, "Minutes between GSS checks (0 for never)", NO_SHORTCUT, 20,
HELPCTX(ssh_kex_repeat),
conf_editbox_handler,
I(CONF_gssapirekey),
I(-1));
ctrl_editbox(s, "Max data before rekey (0 for no limit)", 'x', 20,
HELPCTX(ssh_kex_repeat),
conf_editbox_handler,

53
doc/config.but
View File

@ -1929,9 +1929,10 @@ PuTTY will prompt for a username at the time you make a connection.
In some environments, such as the networks of large organisations
implementing \i{single sign-on}, a more sensible default may be to use
the name of the user logged in to the local operating system (if any);
this is particularly likely to be useful with \i{GSSAPI} authentication
(see \k{config-ssh-auth-gssapi}). This control allows you to change
the default behaviour.
this is particularly likely to be useful with \i{GSSAPI} key exchange
and user authentication (see \k{config-ssh-auth-gssapi} and
\k{config-ssh-kex}). This control allows you to change the default
behaviour.
The current system username is displayed in the dialog as a
convenience. It is not saved in the configuration; if a saved session
@ -2552,6 +2553,34 @@ If the first algorithm PuTTY finds is below the \q{warn below here}
line, you will see a warning box when you make the connection, similar
to that for cipher selection (see \k{config-ssh-encryption}).
\S2{config-ssh-gssapi-kex} GSSAPI-based key exchange
PuTTY supports a set of key exchange methods that also incorporates
GSSAPI-based authentication.
PuTTY can only perform the GSSAPI-authenticated key exchange methods
when using Kerberos V5, and not other GSSAPI mechanisms. PuTTY will
attempt to select these methods if it is configured to use GSSAPI
authentication (\k{config-ssh-auth-gssapi}), and if the user running
it has current Kerberos V5 credentials. If both of those are true,
then PuTTY will select the GSSAPI key exchange methods in preference
to any of the ordinary SSH key exchange methods configured in the
preference list.
The advantage of doing GSSAPI authentication as part of the SSH key
exchange is that the SSH key exchange can be repeated later in the
session, and this allows your Kerberos V5 credentials (which are
typically short-lived) to be automatically re-delegated to the server
when they are refreshed on the client. (This feature is commonly
referred to as \q{cascading credentials}.)
If your server doesn't support GSSAPI key exchange, it may still
support GSSAPI in the SSH user authentication phase. This will still
let you log in using your Kerberos credentials, but will only allow
you to delegate the credentials that are active at the beginning of
the session; they can't be refreshed automatically later, in a
long-running session.
\S{config-ssh-kex-rekey} \ii{Repeat key exchange}
\cfg{winhelp-topic}{ssh.kex.repeat}
@ -2594,6 +2623,14 @@ purposes, rekeys have much the same properties as keepalives.
should bear that in mind when deciding whether to turn them off.)
Note, however, the the SSH \e{server} can still initiate rekeys.
\b \q{Minutes between GSSAPI cache checks}, if you're using GSSAPI key
exchange, specifies how often the GSSAPI credential cache is checked
to see whether new tickets are available for delegation, or current
ones are near expiration. If forwarding of GSSAPI credentials is
enabled, PuTTY will try to rekey as necessary to keep the delegated
credentials from expiring. Frequent checks are recommended; rekeying
only happens when needed.
\b \q{Max data before rekey} specifies the amount of data (in bytes)
that is permitted to flow in either direction before a rekey is
initiated. If this is set to zero, PuTTY will not rekey due to
@ -2947,7 +2984,15 @@ machine, which in principle can authenticate in many different ways
but in practice is usually used with the \i{Kerberos} \i{single sign-on}
protocol to implement \i{passwordless login}.
GSSAPI is only available in the SSH-2 protocol.
GSSAPI authentication is only available in the SSH-2 protocol.
PuTTY supports two forms of GSSAPI-based authentication. In one of
them, the SSH key exchange happens in the normal way, and GSSAPI is
only involved in authenticating the user. In the other, GSSAPI-based
authentication is combined with the key exchange phase, and the SSH
authentication step has nothing left to do. If you enable GSSAPI
authentication, PuTTY will attempt both of these methods, and use
whichever the server supports.
The topmost control on the GSSAPI subpanel is the checkbox labelled
\q{Attempt GSSAPI authentication}. If this is disabled, GSSAPI will

37
pgssapi.h
View File

@ -58,6 +58,7 @@ typedef void * gss_name_t;
typedef void * gss_cred_id_t;
typedef OM_uint32 gss_qop_t;
typedef int gss_cred_usage_t;
/* Flag bits for context-level services. */
@ -76,6 +77,13 @@ typedef OM_uint32 gss_qop_t;
#define GSS_C_INITIATE 1
#define GSS_C_ACCEPT 2
/*-
* RFC 2744 Page 86
* Expiration time of 2^32-1 seconds means infinite lifetime for a
* credential or security context
*/
#define GSS_C_INDEFINITE 0xfffffffful
/* Status code types for gss_display_status */
#define GSS_C_GSS_CODE 1
#define GSS_C_MECH_CODE 2
@ -256,6 +264,13 @@ typedef OM_uint32 (GSS_CC *t_gss_get_mic)
const gss_buffer_t /*message_buffer*/,
gss_buffer_t /*msg_token*/);
typedef OM_uint32 (GSS_CC *t_gss_verify_mic)
(OM_uint32 * /*minor_status*/,
const gss_ctx_id_t /*context_handle*/,
const gss_buffer_t /*message_buffer*/,
const gss_buffer_t /*msg_token*/,
gss_qop_t * /*qop_state*/);
typedef OM_uint32 (GSS_CC *t_gss_display_status)
(OM_uint32 * /*minor_status*/,
OM_uint32 /*status_value*/,
@ -280,15 +295,37 @@ typedef OM_uint32 (GSS_CC *t_gss_release_buffer)
(OM_uint32 * /*minor_status*/,
gss_buffer_t /*buffer*/);
typedef OM_uint32 (GSS_CC *t_gss_acquire_cred)
(OM_uint32 * /*minor_status*/,
const gss_name_t /*desired_name*/,
OM_uint32 /*time_req*/,
const gss_OID_set /*desired_mechs*/,
gss_cred_usage_t /*cred_usage*/,
gss_cred_id_t * /*output_cred_handle*/,
gss_OID_set * /*actual_mechs*/,
OM_uint32 * /*time_rec*/);
typedef OM_uint32 (GSS_CC *t_gss_inquire_cred_by_mech)
(OM_uint32 * /*minor_status*/,
const gss_cred_id_t /*cred_handle*/,
const gss_OID /*mech_type*/,
gss_name_t * /*name*/,
OM_uint32 * /*initiator_lifetime*/,
OM_uint32 * /*acceptor_lifetime*/,
gss_cred_usage_t * /*cred_usage*/);
struct gssapi_functions {
t_gss_delete_sec_context delete_sec_context;
t_gss_display_status display_status;
t_gss_get_mic get_mic;
t_gss_verify_mic verify_mic;
t_gss_import_name import_name;
t_gss_init_sec_context init_sec_context;
t_gss_release_buffer release_buffer;
t_gss_release_cred release_cred;
t_gss_release_name release_name;
t_gss_acquire_cred acquire_cred;
t_gss_inquire_cred_by_mech inquire_cred_by_mech;
};
#endif /* NO_GSSAPI */

9
putty.h
View File

@ -271,6 +271,14 @@ enum {
KEX_DHGEX,
KEX_RSA,
KEX_ECDH,
/*
* KEX_MAX_CONF is a boundary between statically and dynamically configured
* KEXes, without creating a gap in the numbering, allowing easy addition
* of vaues on either side
*/
KEX_MAX_CONF, KEX_DUMMY = KEX_MAX_CONF-1,
/* Kexes from here to KEX_MAX are not explicitly configurable */
KEX_GSS_SHA1_K5,
KEX_MAX
};
@ -796,6 +804,7 @@ void cleanup_exit(int);
X(INT, NONE, try_ki_auth) \
X(INT, NONE, try_gssapi_auth) /* attempt gssapi auth */ \
X(INT, NONE, gssapifwd) /* forward tgt via gss */ \
X(INT, NONE, gssapirekey) /* KEXGSS refresh interval (mins) */ \
X(INT, INT, ssh_gsslist) /* preference order for local GSS libs */ \
X(FILENAME, NONE, ssh_gss_custom) \
X(INT, NONE, ssh_subsys) /* run a subsystem rather than a command */ \

19
settings.c
View File

@ -7,6 +7,11 @@
#include <stdlib.h>
#include "putty.h"
#include "storage.h"
#ifndef NO_GSSAPI
#include "sshgssc.h"
#include "sshgss.h"
#endif
/* The cipher order given here is the default order. */
static const struct keyvalwhere ciphernames[] = {
@ -566,9 +571,10 @@ void save_open_settings(void *sesskey, Conf *conf)
write_setting_i(sesskey, "GssapiFwd", conf_get_int(conf, CONF_gssapifwd));
write_setting_i(sesskey, "ChangeUsername", conf_get_int(conf, CONF_change_username));
wprefs(sesskey, "Cipher", ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
wprefs(sesskey, "KEX", kexnames, KEX_MAX, conf, CONF_ssh_kexlist);
wprefs(sesskey, "KEX", kexnames, KEX_MAX_CONF, conf, CONF_ssh_kexlist);
wprefs(sesskey, "HostKey", hknames, HK_MAX, conf, CONF_ssh_hklist);
write_setting_i(sesskey, "RekeyTime", conf_get_int(conf, CONF_ssh_rekey_time));
write_setting_i(sesskey, "GssapiRekey", conf_get_int(conf, CONF_gssapirekey));
write_setting_s(sesskey, "RekeyBytes", conf_get_str(conf, CONF_ssh_rekey_data));
write_setting_i(sesskey, "SshNoAuth", conf_get_int(conf, CONF_ssh_no_userauth));
write_setting_i(sesskey, "SshBanner", conf_get_int(conf, CONF_ssh_show_banner));
@ -910,10 +916,10 @@ void load_open_settings(void *sesskey, Conf *conf)
* a server which offered it then choked, but we never got
* a server version string or any other reports. */
const char *default_kexes,
*normal_default = "ecdh,dh-gex-sha1,dh-group14-sha1,rsa,"
"WARN,dh-group1-sha1",
*bugdhgex2_default = "ecdh,dh-group14-sha1,rsa,"
"WARN,dh-group1-sha1,dh-gex-sha1";
*normal_default = "gss-sha1-krb5,ecdh,dh-gex-sha1,"
"dh-group14-sha1,rsa,WARN,dh-group1-sha1",
*bugdhgex2_default = "gss-sha1-krb5,ecdh,dh-group14-sha1,"
"rsa,WARN,dh-group1-sha1,dh-gex-sha1";
char *raw;
i = 2 - gppi_raw(sesskey, "BugDHGEx2", 0);
if (i == FORCE_ON)
@ -940,12 +946,13 @@ void load_open_settings(void *sesskey, Conf *conf)
sfree(raw);
raw = dupstr(normal_default);
}
gprefs_from_str(raw, kexnames, KEX_MAX, conf, CONF_ssh_kexlist);
gprefs_from_str(raw, kexnames, KEX_MAX_CONF, conf, CONF_ssh_kexlist);
sfree(raw);
}
gprefs(sesskey, "HostKey", "ed25519,ecdsa,rsa,dsa,WARN",
hknames, HK_MAX, conf, CONF_ssh_hklist);
gppi(sesskey, "RekeyTime", 60, conf, CONF_ssh_rekey_time);
gppi(sesskey, "GssapiRekey", 2, conf, CONF_gssapirekey);
gpps(sesskey, "RekeyBytes", "1G", conf, CONF_ssh_rekey_data);
{
/* SSH-2 only by default */

1195
ssh.c
View File

File diff suppressed because it is too large Load Diff

10
ssh.h
View File

@ -381,7 +381,7 @@ struct ssh_hash {
struct ssh_kex {
const char *name, *groupname;
enum { KEXTYPE_DH, KEXTYPE_RSA, KEXTYPE_ECDH } main_type;
enum { KEXTYPE_DH, KEXTYPE_RSA, KEXTYPE_ECDH, KEXTYPE_GSS } main_type;
const struct ssh_hash *hash;
const void *extra; /* private to the kex methods */
};
@ -466,6 +466,7 @@ extern const struct ssh_hash ssh_sha512;
extern const struct ssh_kexes ssh_diffiehellman_group1;
extern const struct ssh_kexes ssh_diffiehellman_group14;
extern const struct ssh_kexes ssh_diffiehellman_gex;
extern const struct ssh_kexes ssh_gssk5_sha1_kex;
extern const struct ssh_kexes ssh_rsa_kex;
extern const struct ssh_kexes ssh_ecdh_kex;
extern const struct ssh_signkey ssh_dss;
@ -952,6 +953,13 @@ void platform_ssh_share_cleanup(const char *name);
#define SSH2_MSG_KEX_DH_GEX_GROUP 31 /* 0x1f */
#define SSH2_MSG_KEX_DH_GEX_INIT 32 /* 0x20 */
#define SSH2_MSG_KEX_DH_GEX_REPLY 33 /* 0x21 */
#define SSH2_MSG_KEXGSS_INIT 30 /* 0x1e */
#define SSH2_MSG_KEXGSS_CONTINUE 31 /* 0x1f */
#define SSH2_MSG_KEXGSS_COMPLETE 32 /* 0x20 */
#define SSH2_MSG_KEXGSS_HOSTKEY 33 /* 0x21 */
#define SSH2_MSG_KEXGSS_ERROR 34 /* 0x22 */
#define SSH2_MSG_KEXGSS_GROUPREQ 40 /* 0x28 */
#define SSH2_MSG_KEXGSS_GROUP 41 /* 0x29 */
#define SSH2_MSG_KEXRSA_PUBKEY 30 /* 0x1e */
#define SSH2_MSG_KEXRSA_SECRET 31 /* 0x1f */
#define SSH2_MSG_KEXRSA_DONE 32 /* 0x20 */

40
sshdh.c
View File

@ -121,6 +121,46 @@ const struct ssh_kexes ssh_diffiehellman_gex = {
gex_list
};
/*
* Suffix on GSSAPI SSH protocol identifiers that indicates Kerberos 5
* as the mechanism.
*
* This suffix is the base64-encoded MD5 hash of the byte sequence
* 06 09 2A 86 48 86 F7 12 01 02 02, which in turn is the ASN.1 DER
* encoding of the object ID 1.2.840.113554.1.2.2 which designates
* Kerberos v5.
*
* (The same encoded OID, minus the two-byte DER header, is defined in
* pgssapi.c as GSS_MECH_KRB5.)
*/
#define GSS_KRB5_OID_HASH "toWM5Slw5Ew8Mqkay+al2g=="
static const struct ssh_kex ssh_gssk5_diffiehellman_gex_sha1 = {
"gss-gex-sha1-" GSS_KRB5_OID_HASH, NULL,
KEXTYPE_GSS, &ssh_sha1, &extra_gex,
};
static const struct ssh_kex ssh_gssk5_diffiehellman_group14_sha1 = {
"gss-group14-sha1-" GSS_KRB5_OID_HASH, "group14",
KEXTYPE_GSS, &ssh_sha1, &extra_group14,
};
static const struct ssh_kex ssh_gssk5_diffiehellman_group1_sha1 = {
"gss-group1-sha1-" GSS_KRB5_OID_HASH, "group1",
KEXTYPE_GSS, &ssh_sha1, &extra_group1,
};
static const struct ssh_kex *const gssk5_sha1_kex_list[] = {
&ssh_gssk5_diffiehellman_gex_sha1,
&ssh_gssk5_diffiehellman_group14_sha1,
&ssh_gssk5_diffiehellman_group1_sha1
};
const struct ssh_kexes ssh_gssk5_sha1_kex = {
sizeof(gssk5_sha1_kex_list) / sizeof(*gssk5_sha1_kex_list),
gssk5_sha1_kex_list
};
/*
* Variables.
*/

21
sshgss.h
View File

@ -13,6 +13,8 @@ typedef enum Ssh_gss_stat {
SSH_GSS_S_CONTINUE_NEEDED,
SSH_GSS_NO_MEM,
SSH_GSS_BAD_HOST_NAME,
SSH_GSS_BAD_MIC,
SSH_GSS_NO_CREDS,
SSH_GSS_FAILURE
} Ssh_gss_stat;
@ -26,6 +28,8 @@ typedef enum Ssh_gss_stat {
typedef gss_buffer_desc Ssh_gss_buf;
typedef gss_name_t Ssh_gss_name;
#define GSS_NO_EXPIRATION ((time_t)-1)
/* Functions, provided by either wingss.c or sshgssc.c */
struct ssh_gss_library;
@ -79,7 +83,8 @@ typedef Ssh_gss_stat (*t_ssh_gss_release_name)(struct ssh_gss_library *lib,
typedef Ssh_gss_stat (*t_ssh_gss_init_sec_context)
(struct ssh_gss_library *lib,
Ssh_gss_ctx *ctx, Ssh_gss_name name, int delegate,
Ssh_gss_buf *in, Ssh_gss_buf *out);
Ssh_gss_buf *in, Ssh_gss_buf *out, time_t *expiry,
unsigned long *lifetime);
/*
* Frees the contents of an Ssh_gss_buf filled in by
@ -96,7 +101,8 @@ typedef Ssh_gss_stat (*t_ssh_gss_free_tok)(struct ssh_gss_library *lib,
* place. Needs to be freed by ssh_gss_release_cred().
*/
typedef Ssh_gss_stat (*t_ssh_gss_acquire_cred)(struct ssh_gss_library *lib,
Ssh_gss_ctx *);
Ssh_gss_ctx *,
time_t *expiry);
/*
* Frees the contents of an Ssh_gss_ctx filled in by
@ -111,7 +117,15 @@ typedef Ssh_gss_stat (*t_ssh_gss_release_cred)(struct ssh_gss_library *lib,
*/
typedef Ssh_gss_stat (*t_ssh_gss_get_mic)(struct ssh_gss_library *lib,
Ssh_gss_ctx ctx, Ssh_gss_buf *in,
Ssh_gss_buf *out);
Ssh_gss_buf *out);
/*
* Validates an input MIC for some input data.
*/
typedef Ssh_gss_stat (*t_ssh_gss_verify_mic)(struct ssh_gss_library *lib,
Ssh_gss_ctx ctx,
Ssh_gss_buf *in_data,
Ssh_gss_buf *in_mic);
/*
* Frees the contents of an Ssh_gss_buf filled in by
@ -161,6 +175,7 @@ struct ssh_gss_library {
t_ssh_gss_acquire_cred acquire_cred;
t_ssh_gss_release_cred release_cred;
t_ssh_gss_get_mic get_mic;
t_ssh_gss_verify_mic verify_mic;
t_ssh_gss_free_mic free_mic;
t_ssh_gss_display_status display_status;

89
sshgssc.c
View File

@ -1,6 +1,7 @@
#include "putty.h"
#include <string.h>
#include <limits.h>
#include "sshgssc.h"
#include "misc.h"
@ -38,14 +39,64 @@ static Ssh_gss_stat ssh_gssapi_import_name(struct ssh_gss_library *lib,
}
static Ssh_gss_stat ssh_gssapi_acquire_cred(struct ssh_gss_library *lib,
Ssh_gss_ctx *ctx)
Ssh_gss_ctx *ctx,
time_t *expiry)
{
struct gssapi_functions *gss = &lib->u.gssapi;
gss_OID_set_desc k5only = { 1, GSS_MECH_KRB5 };
gss_cred_id_t cred;
OM_uint32 dummy;
OM_uint32 time_rec;
gssapi_ssh_gss_ctx *gssctx = snew(gssapi_ssh_gss_ctx);
gssctx->maj_stat = gssctx->min_stat = GSS_S_COMPLETE;
gssctx->ctx = GSS_C_NO_CONTEXT;
*ctx = (Ssh_gss_ctx) gssctx;
gssctx->expiry = 0;
gssctx->maj_stat =
gss->acquire_cred(&gssctx->min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE,
&k5only, GSS_C_INITIATE, &cred,
(gss_OID_set *)0, &time_rec);
if (gssctx->maj_stat != GSS_S_COMPLETE) {
sfree(gssctx);
return SSH_GSS_FAILURE;
}
/*
* When the credential lifetime is not yet available due to deferred
* processing, gss_acquire_cred should return a 0 lifetime which is
* distinct from GSS_C_INDEFINITE which signals a crential that never
* expires. However, not all implementations get this right, and with
* Kerberos, initiator credentials always expire at some point. So when
* lifetime is 0 or GSS_C_INDEFINITE we call gss_inquire_cred_by_mech() to
* complete deferred processing.
*/
if (time_rec == GSS_C_INDEFINITE || time_rec == 0) {
gssctx->maj_stat =
gss->inquire_cred_by_mech(&gssctx->min_stat, cred,
(gss_OID) GSS_MECH_KRB5,
GSS_C_NO_NAME,
&time_rec,
NULL,
NULL);
}
(void) gss->release_cred(&dummy, &cred);
if (gssctx->maj_stat != GSS_S_COMPLETE) {
sfree(gssctx);
return SSH_GSS_FAILURE;
}
if (time_rec != GSS_C_INDEFINITE)
gssctx->expiry = time(NULL) + time_rec;
else
gssctx->expiry = GSS_NO_EXPIRATION;
if (expiry) {
*expiry = gssctx->expiry;
}
*ctx = (Ssh_gss_ctx) gssctx;
return SSH_GSS_OK;
}
@ -54,11 +105,14 @@ static Ssh_gss_stat ssh_gssapi_init_sec_context(struct ssh_gss_library *lib,
Ssh_gss_name srv_name,
int to_deleg,
Ssh_gss_buf *recv_tok,
Ssh_gss_buf *send_tok)
Ssh_gss_buf *send_tok,
time_t *expiry,
unsigned long *lifetime)
{
struct gssapi_functions *gss = &lib->u.gssapi;
gssapi_ssh_gss_ctx *gssctx = (gssapi_ssh_gss_ctx*) *ctx;
OM_uint32 ret_flags;
OM_uint32 lifetime_rec;
if (to_deleg) to_deleg = GSS_C_DELEG_FLAG;
gssctx->maj_stat = gss->init_sec_context(&gssctx->min_stat,
@ -74,7 +128,20 @@ static Ssh_gss_stat ssh_gssapi_init_sec_context(struct ssh_gss_library *lib,
NULL, /* ignore mech type */
send_tok,
&ret_flags,
NULL); /* ignore time_rec */
&lifetime_rec);
if (lifetime) {
if (lifetime_rec == GSS_C_INDEFINITE)
*lifetime = ULONG_MAX;
else
*lifetime = lifetime_rec;
}
if (expiry) {
if (lifetime_rec == GSS_C_INDEFINITE)
*expiry = GSS_NO_EXPIRATION;
else
*expiry = time(NULL) + lifetime_rec;
}
if (gssctx->maj_stat == GSS_S_COMPLETE) return SSH_GSS_S_COMPLETE;
if (gssctx->maj_stat == GSS_S_CONTINUE_NEEDED) return SSH_GSS_S_CONTINUE_NEEDED;
@ -148,6 +215,7 @@ static Ssh_gss_stat ssh_gssapi_release_cred(struct ssh_gss_library *lib,
if (gssctx->ctx != GSS_C_NO_CONTEXT)
maj_stat = gss->delete_sec_context(&min_stat,&gssctx->ctx,GSS_C_NO_BUFFER);
sfree(gssctx);
*ctx = NULL;
if (maj_stat == GSS_S_COMPLETE) return SSH_GSS_OK;
return SSH_GSS_FAILURE;
@ -175,6 +243,16 @@ static Ssh_gss_stat ssh_gssapi_get_mic(struct ssh_gss_library *lib,
return gss->get_mic(&(gssctx->min_stat), gssctx->ctx, 0, buf, hash);
}
static Ssh_gss_stat ssh_gssapi_verify_mic(struct ssh_gss_library *lib,
Ssh_gss_ctx ctx, Ssh_gss_buf *buf,
Ssh_gss_buf *hash)
{
struct gssapi_functions *gss = &lib->u.gssapi;
gssapi_ssh_gss_ctx *gssctx = (gssapi_ssh_gss_ctx *) ctx;
if (gssctx == NULL) return SSH_GSS_FAILURE;
return gss->verify_mic(&(gssctx->min_stat), gssctx->ctx, buf, hash, NULL);
}
static Ssh_gss_stat ssh_gssapi_free_mic(struct ssh_gss_library *lib,
Ssh_gss_buf *hash)
{
@ -192,6 +270,7 @@ void ssh_gssapi_bind_fns(struct ssh_gss_library *lib)
lib->acquire_cred = ssh_gssapi_acquire_cred;
lib->release_cred = ssh_gssapi_release_cred;
lib->get_mic = ssh_gssapi_get_mic;
lib->verify_mic = ssh_gssapi_verify_mic;
lib->free_mic = ssh_gssapi_free_mic;
lib->display_status = ssh_gssapi_display_status;
}

1
sshgssc.h
View File

@ -10,6 +10,7 @@ typedef struct gssapi_ssh_gss_ctx {
OM_uint32 maj_stat;
OM_uint32 min_stat;
gss_ctx_id_t ctx;
time_t expiry;
} gssapi_ssh_gss_ctx;
void ssh_gssapi_bind_fns(struct ssh_gss_library *lib);

6
unix/uxgss.c
View File

@ -41,11 +41,14 @@ static void gss_init(struct ssh_gss_library *lib, void *dlhandle,
BIND_GSS_FN(delete_sec_context);
BIND_GSS_FN(display_status);
BIND_GSS_FN(get_mic);
BIND_GSS_FN(verify_mic);
BIND_GSS_FN(import_name);
BIND_GSS_FN(init_sec_context);
BIND_GSS_FN(release_buffer);
BIND_GSS_FN(release_cred);
BIND_GSS_FN(release_name);
BIND_GSS_FN(acquire_cred);
BIND_GSS_FN(inquire_cred_by_mech);
#undef BIND_GSS_FN
@ -145,11 +148,14 @@ struct ssh_gss_liblist *ssh_gss_setup(Conf *conf)
BIND_GSS_FN(delete_sec_context);
BIND_GSS_FN(display_status);
BIND_GSS_FN(get_mic);
BIND_GSS_FN(verify_mic);
BIND_GSS_FN(import_name);
BIND_GSS_FN(init_sec_context);
BIND_GSS_FN(release_buffer);
BIND_GSS_FN(release_cred);
BIND_GSS_FN(release_name);
BIND_GSS_FN(acquire_cred);
BIND_GSS_FN(inquire_cred_by_mech);
#undef BIND_GSS_FN

119
windows/wingss.c
View File

@ -1,5 +1,6 @@
#ifndef NO_GSSAPI
#include <limits.h>
#include "putty.h"
#define SECURITY_WIN32
@ -11,6 +12,22 @@
#include "misc.h"
#define UNIX_EPOCH 11644473600ULL /* Seconds from Windows epoch */
#define CNS_PERSEC 10000000ULL /* # 100ns per second */
/*
* Note, as a special case, 0 relative to the Windows epoch (unspecified) maps
* to 0 relative to the POSIX epoch (unspecified)!
*/
#define TIME_WIN_TO_POSIX(ft, t) do { \
ULARGE_INTEGER uli; \
uli.LowPart = (ft).dwLowDateTime; \
uli.HighPart = (ft).dwHighDateTime; \
if (uli.QuadPart != 0) \
uli.QuadPart = uli.QuadPart / CNS_PERSEC - UNIX_EPOCH; \
(t) = (time_t) uli.QuadPart; \
} while(0)
/* Windows code to set up the GSSAPI library list. */
#ifdef _WIN64
@ -55,6 +72,9 @@ DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
MakeSignature,
(PCtxtHandle, ULONG, PSecBufferDesc, ULONG));
DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
VerifySignature,
(PCtxtHandle, PSecBufferDesc, ULONG, PULONG));
DECL_WINDOWS_FUNCTION(static, DLL_DIRECTORY_COOKIE,
AddDllDirectory,
(PCWSTR));
@ -144,6 +164,7 @@ struct ssh_gss_liblist *ssh_gss_setup(Conf *conf)
BIND_GSS_FN(delete_sec_context);
BIND_GSS_FN(display_status);
BIND_GSS_FN(get_mic);
BIND_GSS_FN(verify_mic);
BIND_GSS_FN(import_name);
BIND_GSS_FN(init_sec_context);
BIND_GSS_FN(release_buffer);
@ -172,6 +193,7 @@ struct ssh_gss_liblist *ssh_gss_setup(Conf *conf)
GET_WINDOWS_FUNCTION(module, DeleteSecurityContext);
GET_WINDOWS_FUNCTION(module, QueryContextAttributesA);
GET_WINDOWS_FUNCTION(module, MakeSignature);
GET_WINDOWS_FUNCTION(module, VerifySignature);
ssh_sspi_bind_fns(lib);
}
@ -224,6 +246,7 @@ struct ssh_gss_liblist *ssh_gss_setup(Conf *conf)
BIND_GSS_FN(delete_sec_context);
BIND_GSS_FN(display_status);
BIND_GSS_FN(get_mic);
BIND_GSS_FN(verify_mic);
BIND_GSS_FN(import_name);
BIND_GSS_FN(init_sec_context);
BIND_GSS_FN(release_buffer);
@ -289,7 +312,8 @@ static Ssh_gss_stat ssh_sspi_import_name(struct ssh_gss_library *lib,
}
static Ssh_gss_stat ssh_sspi_acquire_cred(struct ssh_gss_library *lib,
Ssh_gss_ctx *ctx)
Ssh_gss_ctx *ctx,
time_t *expiry)
{
winSsh_gss_ctx *winctx = snew(winSsh_gss_ctx);
memset(winctx, 0, sizeof(winSsh_gss_ctx));
@ -309,21 +333,68 @@ static Ssh_gss_stat ssh_sspi_acquire_cred(struct ssh_gss_library *lib,
NULL,
NULL,
&winctx->cred_handle,
&winctx->expiry);
NULL);
if (winctx->maj_stat != SEC_E_OK) {
p_FreeCredentialsHandle(&winctx->cred_handle);
sfree(winctx);
return SSH_GSS_FAILURE;
}
/* Windows does not return a valid expiration from AcquireCredentials */
if (expiry)
*expiry = GSS_NO_EXPIRATION;
if (winctx->maj_stat != SEC_E_OK) return SSH_GSS_FAILURE;
*ctx = (Ssh_gss_ctx) winctx;
return SSH_GSS_OK;
}
static void localexp_to_exp_lifetime(TimeStamp *localexp,
time_t *expiry, unsigned long *lifetime)
{
FILETIME nowUTC;
FILETIME expUTC;
time_t now;
time_t exp;
time_t delta;
if (!lifetime && !expiry)
return;
GetSystemTimeAsFileTime(&nowUTC);
TIME_WIN_TO_POSIX(nowUTC, now);
if (lifetime)
*lifetime = 0;
if (expiry)
*expiry = GSS_NO_EXPIRATION;
if (!LocalFileTimeToFileTime(localexp, &expUTC))
return;
TIME_WIN_TO_POSIX(expUTC, exp);
delta = exp - now;
if (exp == 0 || delta <= 0)
return;
if (expiry)
*expiry = exp;
if (lifetime) {
if (delta <= ULONG_MAX)
*lifetime = (unsigned long)delta;
else
*lifetime = ULONG_MAX;
}
}
static Ssh_gss_stat ssh_sspi_init_sec_context(struct ssh_gss_library *lib,
Ssh_gss_ctx *ctx,
Ssh_gss_name srv_name,
int to_deleg,
Ssh_gss_buf *recv_tok,
Ssh_gss_buf *send_tok)
Ssh_gss_buf *send_tok,
time_t *expiry,
unsigned long *lifetime)
{
winSsh_gss_ctx *winctx = (winSsh_gss_ctx *) *ctx;
SecBuffer wsend_tok = {send_tok->length,SECBUFFER_TOKEN,send_tok->value};
@ -333,6 +404,7 @@ static Ssh_gss_stat ssh_sspi_init_sec_context(struct ssh_gss_library *lib,
unsigned long flags=ISC_REQ_MUTUAL_AUTH|ISC_REQ_REPLAY_DETECT|
ISC_REQ_CONFIDENTIALITY|ISC_REQ_ALLOCATE_MEMORY;
unsigned long ret_flags=0;
TimeStamp localexp;
/* check if we have to delegate ... */
if (to_deleg) flags |= ISC_REQ_DELEGATE;
@ -347,8 +419,10 @@ static Ssh_gss_stat ssh_sspi_init_sec_context(struct ssh_gss_library *lib,
&winctx->context,
&output_desc,
&ret_flags,
&winctx->expiry);
&localexp);
localexp_to_exp_lifetime(&localexp, expiry, lifetime);
/* prepare for the next round */
winctx->context_handle = &winctx->context;
send_tok->value = wsend_tok.pvBuffer;
@ -503,6 +577,36 @@ static Ssh_gss_stat ssh_sspi_get_mic(struct ssh_gss_library *lib,
return winctx->maj_stat;
}
static Ssh_gss_stat ssh_sspi_verify_mic(struct ssh_gss_library *lib,
Ssh_gss_ctx ctx,
Ssh_gss_buf *buf,
Ssh_gss_buf *mic)
{
winSsh_gss_ctx *winctx= (winSsh_gss_ctx *) ctx;
SecBufferDesc InputBufferDescriptor;
SecBuffer InputSecurityToken[2];
ULONG qop;
if (winctx == NULL) return SSH_GSS_FAILURE;
winctx->maj_stat = 0;
InputBufferDescriptor.cBuffers = 2;
InputBufferDescriptor.pBuffers = InputSecurityToken;
InputBufferDescriptor.ulVersion = SECBUFFER_VERSION;
InputSecurityToken[0].BufferType = SECBUFFER_DATA;
InputSecurityToken[0].cbBuffer = buf->length;
InputSecurityToken[0].pvBuffer = buf->value;
InputSecurityToken[1].BufferType = SECBUFFER_TOKEN;
InputSecurityToken[1].cbBuffer = mic->length;
InputSecurityToken[1].pvBuffer = mic->value;
winctx->maj_stat = p_VerifySignature(&winctx->context,
&InputBufferDescriptor,
0, &qop);
return winctx->maj_stat;
}
static Ssh_gss_stat ssh_sspi_free_mic(struct ssh_gss_library *lib,
Ssh_gss_buf *hash)
{
@ -520,6 +624,7 @@ static void ssh_sspi_bind_fns(struct ssh_gss_library *lib)
lib->acquire_cred = ssh_sspi_acquire_cred;
lib->release_cred = ssh_sspi_release_cred;
lib->get_mic = ssh_sspi_get_mic;
lib->verify_mic = ssh_sspi_verify_mic;
lib->free_mic = ssh_sspi_free_mic;
lib->display_status = ssh_sspi_display_status;
}

1
windows/winhelp.h
View File

@ -104,6 +104,7 @@
#define WINHELP_CTX_ssh_share "ssh.sharing:config-ssh-sharing"
#define WINHELP_CTX_ssh_kexlist "ssh.kex.order:config-ssh-kex-order"
#define WINHELP_CTX_ssh_hklist "ssh.hostkey.order:config-ssh-hostkey-order"
#define WINHELP_CTX_ssh_gssapi_kex_delegation "ssh.kex.gssapi.delegation:config-ssh-kex-gssapi-delegation"
#define WINHELP_CTX_ssh_kex_repeat "ssh.kex.repeat:config-ssh-kex-rekey"
#define WINHELP_CTX_ssh_kex_manual_hostkeys "ssh.kex.manualhostkeys:config-ssh-kex-manual-hostkeys"
#define WINHELP_CTX_ssh_auth_bypass "ssh.auth.bypass:config-ssh-noauth"